diff --git a/dracut-early-kdump.sh b/dracut-early-kdump.sh
index 129841e..0124564 100755
--- a/dracut-early-kdump.sh
+++ b/dracut-early-kdump.sh
@@ -49,11 +49,6 @@ early_kdump_load()
 EARLY_KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
- if is_secure_boot_enforced; then
- dinfo "Secure Boot is enabled. Using kexec file based syscall."
- EARLY_KEXEC_ARGS="$EARLY_KEXEC_ARGS -s"
- fi
-
 # Here, only output the messages, but do not save these messages
 # to a file because the target disk may not be mounted yet, the
 # earlykdump is too early.
diff --git a/kdump-lib.sh b/kdump-lib.sh
index 24c3e63..8dd63a6 100755
--- a/kdump-lib.sh
+++ b/kdump-lib.sh
@@ -713,6 +713,15 @@ prepare_kexec_args()
 fi
 fi
 fi
+
+ # For secureboot enabled machines, use new kexec file based syscall.
+ # Old syscall will always fail as it does not have capability to do
+ # kernel signature verification.
+ if is_secure_boot_enforced; then
+ dinfo "Secure Boot is enabled. Using kexec file based syscall."
+ kexec_args="$kexec_args -s"
+ fi
+
 echo $kexec_args
 }
diff --git a/kdumpctl b/kdumpctl
index c41e6f5..1df9822 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -666,15 +666,6 @@ load_kdump()
 KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
 KDUMP_COMMANDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}")
- # For secureboot enabled machines, use new kexec file based syscall.
- # Old syscall will always fail as it does not have capability to
- # to kernel signature verification.
- if is_secure_boot_enforced; then
- dinfo "Secure Boot is enabled. Using kexec file based syscall."
- KEXEC_ARGS="$KEXEC_ARGS -s"
- load_kdump_kernel_key
- fi
-
 ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL"
 # The '12' represents an intermediate temporary file descriptor
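Review bot: The `dinfo` call added to `prepare_kexec_args` in kdump-lib.sh now runs inside a function whose result travels on stdout (`echo $kexec_args`) and is captured by callers with `$(prepare_kexec_args "${KEXEC_ARGS}")`, as the load_kdump and early_kdump_load context lines show. The definition of dinfo is not part of this diff, so it should be confirmed that it writes only to stderr or the journal; if it can reach stdout, the log text ends up inside the kexec argument string, and an explicit `dinfo "Secure Boot is enabled. Using kexec file based syscall." >&2` would rule that out. A short header comment on the function such as `# stdout carries the final kexec argument string; log to stderr only` would keep later edits from reintroducing the problem. The block also appends `-s` without checking whether the configured arguments already contain it, so a guard like `case " $kexec_args " in *" -s "*) ;; *) kexec_args="$kexec_args -s" ;; esac` may be worth considering. The function begins above the hunk.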
@@ -994,7 +985,13 @@ start_fadump()
 start_dump()
 {
- if [ $DEFAULT_DUMP_MODE == "fadump" ]; then
+ # On secure boot enabled Power systems, load kernel signing key on .ima for signature
+ # verification using kexec file based syscall.
+ if [[ "$(uname -m)" == ppc64le ]] && is_secure_boot_enforced; then
+ load_kdump_kernel_key
+ fi
+
+ if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
 start_fadump
 else
 load_kdump
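Review bot: The key-loading block in `start_dump` sits above the `DEFAULT_DUMP_MODE` test, so on a secure-boot ppc64le machine the kernel signing key is added to the .ima keyring on the fadump path too, although the new comment ties it to the kexec file based syscall used by `load_kdump`. If fadump does not need that key, moving the block into the `else` branch directly before `load_kdump` keeps the extra trust anchor off systems that never kexec. The status of `load_kdump_kernel_key` is ignored as well; its body is not in this diff, but if it can fail, something like `load_kdump_kernel_key || dwarn "could not load kdump kernel signing key"` would make a later signature-verification failure easier to diagnose. Because the earlier kdumpctl hunk removes the call from `load_kdump` itself, any path that reaches `load_kdump` without going through `start_dump` (a reload, for instance) no longer loads the key and should be checked. The body of start_dump continues past the end of the hunk.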